A vulnerability in the TP-Link WR840N v6 router with firmware version 0.9.1 4.16 and earlier permits unauthorized individuals to bypass the authentication of some interfaces under the /cgi directory.When adding Referer: http://tplinkwifi.net to the the request, it will be recognized as passing the authentication.
References
Link | Resource |
---|---|
https://github.com/Shuanunio/CVE_Requests/blob/main/TP-Link/WR840N%20v6/ACL%20bypass%20Vulnerability%20in%20TP-Link%20TL-WR840N.md | Third Party Advisory Exploit |
Configurations
Configuration 1 (hide)
AND |
|
History
06 Jun 2025, 17:59
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:tp-link:wr840n_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:tp-link:wr840n:6:*:*:*:*:*:*:* |
|
First Time |
Tp-link wr840n
Tp-link wr840n Firmware Tp-link |
|
References | () https://github.com/Shuanunio/CVE_Requests/blob/main/TP-Link/WR840N%20v6/ACL%20bypass%20Vulnerability%20in%20TP-Link%20TL-WR840N.md - Third Party Advisory, Exploit |
19 Feb 2025, 15:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-287 | |
Summary |
|
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
18 Feb 2025, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-02-18 15:15
Updated : 2025-06-06 17:59
NVD link : CVE-2024-57050
Mitre link : CVE-2024-57050
CVE.ORG link : CVE-2024-57050
JSON object : View
Products Affected
tp-link
- wr840n
- wr840n_firmware
CWE
CWE-287
Improper Authentication